Debian DSA-3934-1 : git - security update
Medium Nessus Plugin ID 102374
SynopsisThe remote Debian host is missing a security-related update.
DescriptionJoern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs.
This allowed an attacker to run an arbitrary shell command, for instance via git submodules.
SolutionUpgrade the git packages.
For the oldstable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u4.
For the stable distribution (stretch), this problem has been fixed in version 1:2.11.0-3+deb9u1.